Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method including: at rewrite circuitry: collecting a number of key secret portions; combining the number of key secret portions, the combining responsive to an event, the event including the number of key secret portions exceeding a pre-determined threshold, the predetermined threshold including a threshold for validity-preserving rewrites; and the combining executed to obtain a rewrite key secret; performing a validity-preserving rewrite to a selected block of a data-tamper-protected blockchain, the performing responsive to obtaining the rewrite key secret, and the performing including determining new content for the selected block using the rewrite key secret.
This invention relates to blockchain technology, specifically addressing the challenge of securely rewriting data in a tamper-protected blockchain while maintaining its integrity. The method involves a process for generating a rewrite key secret and using it to perform a validity-preserving rewrite of a selected block in the blockchain. The system includes rewrite circuitry that collects multiple key secret portions, which are combined in response to an event. This event occurs when the number of collected key secret portions exceeds a predetermined threshold, which is set to ensure that the rewrite operation preserves the blockchain's validity. The combining process generates a rewrite key secret, which is then used to determine new content for the selected block. The rewrite operation is executed only after the rewrite key secret is obtained, ensuring that the blockchain's tamper-protected nature is maintained while allowing controlled modifications. This approach enables secure and authorized updates to blockchain data without compromising its integrity or security.
2. The method of claim 1 , further including: responsive to the number of key secret portions exceeding a granting threshold, combining the number of key secret portions to obtain a granting key secret; and responsive to obtaining the granting key secret, assigning at least a key secret portion to an untrusted party.
This invention relates to secure key management systems, specifically methods for distributing and reconstructing cryptographic keys among multiple parties to enhance security and control access. The problem addressed is the need to securely manage cryptographic keys in environments where trust cannot be fully placed in all parties involved, ensuring that key reconstruction and access are only granted under specific conditions. The method involves distributing a cryptographic key into multiple key secret portions, where each portion alone is insufficient to reconstruct the full key. A granting threshold is established, representing the minimum number of key secret portions required to reconstruct the key. When the number of key secret portions exceeds this threshold, they are combined to obtain a granting key secret, which enables access to the full cryptographic key. Additionally, the method allows for assigning at least one key secret portion to an untrusted party, ensuring that even if a portion is compromised, the full key remains secure unless the granting threshold is met. This approach enhances security by preventing unauthorized key reconstruction while allowing controlled access when sufficient portions are available. The system is particularly useful in multi-party computation, secure data sharing, and access control scenarios where trust must be distributed among multiple entities.
3. The method of claim 1 , where collecting the number of key secret portions includes collecting the number of key secret portions using a key secret exchange operation.
A system and method for securely managing cryptographic keys involves distributing a master key into multiple key secret portions, where each portion is stored separately to enhance security. The method includes collecting the number of key secret portions required for reconstruction, where this collection process utilizes a key secret exchange operation to securely obtain the portions from different storage locations. The key secret exchange operation ensures that the portions are retrieved in a way that prevents unauthorized access or reconstruction of the master key. The system may also include a key secret storage module for storing the key secret portions and a key secret reconstruction module for combining the portions to reconstruct the master key when needed. This approach improves security by distributing the key components and using secure exchange protocols to manage access, reducing the risk of unauthorized key reconstruction. The method is particularly useful in environments where high-security key management is required, such as in financial systems, encrypted communications, or secure data storage.
4. The method of claim 3 , where the key secret exchange operation prevents disclosure of content of individual ones of the number of key secret portions.
A system and method for secure key exchange in distributed computing environments addresses the challenge of securely sharing cryptographic keys among multiple parties without exposing individual key portions. The method involves dividing a cryptographic key into multiple secret portions and distributing these portions to different entities. A key secret exchange operation is performed to reconstruct the full key from the portions while ensuring that the content of any individual portion remains undisclosed during the process. This prevents any single entity from accessing the complete key or inferring the contents of other portions. The technique leverages cryptographic protocols such as threshold secret sharing or secure multi-party computation to maintain confidentiality. The method is particularly useful in scenarios requiring collaborative decryption or authentication where no single participant should have access to the full key. The system ensures that even if some portions are compromised, the full key remains secure unless a sufficient number of portions are combined. This approach enhances security in distributed systems, cloud computing, and multi-party cryptographic applications by minimizing exposure of sensitive key material.
5. The method of claim 3 , where the key secret exchange operation uses a public key exchange protocol.
A system and method for secure key exchange in cryptographic communications involves exchanging cryptographic keys between two parties using a public key exchange protocol. The method includes generating a key pair consisting of a public key and a private key for each party, where the public key is shared with the other party while the private key remains confidential. The key exchange operation is performed using a public key exchange protocol, such as Diffie-Hellman or RSA, to establish a shared secret key between the parties. This shared secret key is then used to encrypt and decrypt communications, ensuring secure data transmission. The method may also include additional steps such as authentication of the parties involved to prevent man-in-the-middle attacks. The system is designed to address the problem of securely exchanging cryptographic keys over an untrusted network, where traditional key distribution methods are vulnerable to interception or tampering. By using a public key exchange protocol, the method ensures that the shared secret key is derived securely without requiring prior shared secrets, thus enhancing the security of cryptographic communications.
6. The method of claim 1 , where individual ones of the number of key secret portions contribute unequally to exceeding the threshold for validity-preserving rewrites.
A system and method for secure key management involves distributing a cryptographic key into multiple secret portions, where each portion contributes differently to the validity of the key when combined. The key is divided into a set of portions, and a threshold number of these portions must be combined to reconstruct the original key. However, the contributions of individual portions to the threshold are not equal—some portions have a greater impact on meeting the threshold requirement than others. This unequal contribution allows for more flexible and secure key reconstruction, as the system can enforce different levels of access or validation based on the specific portions provided. The method ensures that even if some portions are compromised, the key remains secure unless the threshold is met with the correct combination of portions. This approach enhances security by making it harder for an attacker to reconstruct the key without access to the most critical portions. The system can be used in applications requiring high-security key management, such as blockchain, digital signatures, or secure authentication systems.
7. The method of claim 1 , where the data-tamper-protected blockchain includes multiple blocks, each of the multiple blocks: secured via an integrity code stored within the data-tamper-protected blockchain; and storing an integrity code that secures another block in the data-tamper-protected blockchain.
A system and method for securing data using a blockchain structure involves a data-tamper-protected blockchain composed of multiple interconnected blocks. Each block in the blockchain is secured by an integrity code stored within the blockchain itself, ensuring that any tampering with the block's data would be detectable. Additionally, each block contains an integrity code that secures another block in the blockchain, creating a chain of dependencies. This interdependent structure enhances security by making it difficult to alter any single block without affecting the integrity of the entire chain. The integrity codes may include cryptographic hashes or digital signatures, ensuring that any unauthorized modification to a block would invalidate the corresponding integrity code, thus alerting the system to potential tampering. This approach provides a robust mechanism for verifying the authenticity and integrity of stored data, making it suitable for applications requiring high levels of security, such as financial transactions, supply chain tracking, or digital identity verification. The system ensures that data remains tamper-evident and resistant to unauthorized alterations, maintaining trust in the recorded information.
8. The method of claim 1 , where individual ones of the number of key secret portions are each controlled by different individually-untrusted parties.
A system and method for secure key management involves distributing a cryptographic key into multiple secret portions, where each portion is independently controlled by different untrusted parties. The key is reconstructed only when a sufficient number of these portions are combined, ensuring that no single party can access the complete key. This approach prevents unauthorized access or misuse by any individual party, as the key remains secure unless a predefined threshold of participants collaborates. The method includes generating the key, splitting it into portions, and distributing these portions to distinct, mutually distrustful entities. Each portion is insufficient on its own to reconstruct the key, and the system enforces access controls to ensure that only authorized combinations of portions can be used for decryption or other cryptographic operations. This technique is particularly useful in scenarios requiring high-security key management, such as multi-party computation, secure data storage, or distributed consensus systems, where trust cannot be fully placed in any single entity. The system may also include mechanisms to verify the integrity of the portions and detect tampering.
9. The method of claim 1 , where the selected block is coding-consistent with an integrity output stored within a specific block of the data-tam per-protected blockchain, the specific block different than the selected block.
A method for ensuring data integrity in a blockchain system involves verifying that a selected block of data is coding-consistent with an integrity output stored in a different block within the same blockchain. The blockchain is designed to protect data from tampering, and this method enhances security by cross-referencing integrity information across multiple blocks. The integrity output, which may include a cryptographic hash or digital signature, is stored in a specific block that is distinct from the selected block being verified. This cross-checking process helps detect unauthorized modifications by ensuring that the selected block adheres to the expected coding and integrity standards defined by the stored output. The method may also involve comparing the selected block's data structure, encoding, or cryptographic properties with the integrity output to confirm consistency. By distributing integrity verification across different blocks, the system reduces the risk of localized tampering and improves overall blockchain reliability. This approach is particularly useful in applications requiring high levels of data security, such as financial transactions, supply chain tracking, or digital identity verification. The method may be implemented as part of a broader blockchain validation protocol, ensuring that all blocks maintain consistency with predefined integrity criteria.
10. The method of claim 1 , where: determining new content for the selected block using the rewrite key secret includes using the rewrite key secret to determine collision data based on altered payload data for the selected block; and performing the validity-preserving rewrite to a selected block of the data-tamper-protected blockchain includes overwriting the selected block with the collision data and the altered payload data.
A method for securely rewriting data in a blockchain while preserving its integrity involves modifying a selected block using a cryptographic technique. The blockchain is designed to protect against tampering, and the method ensures that any changes maintain the blockchain's validity. The process begins by selecting a block within the blockchain for modification. A rewrite key secret is used to generate collision data based on altered payload data for the selected block. This collision data is then combined with the altered payload data to overwrite the original block. The rewrite key secret ensures that the modified block remains cryptographically valid, preventing detection of unauthorized changes. This approach allows for controlled updates to blockchain data without compromising the security or integrity of the ledger. The method is particularly useful in scenarios where blockchain data must be updated while maintaining trust in the system.
11. A system including: rewrite circuitry configured to: collect a number of key secret portions; combine the number of key secret portions, the rewrite circuitry configured to combine the number of key secret portions responsive to an event, the event including the number of key secret portions exceeding a predetermined threshold, the predetermined threshold including a threshold for validity-preserving rewrites; and the rewrite circuitry configured to combine the number of key secret portions to obtain a rewrite key secret; and perform a validity-preserving rewrite to a selected block of a data-tamper-protected blockchain, the rewrite circuitry configured to perform a validity-preserving rewrite responsive to obtaining the rewrite key secret, and the rewrite circuitry configured to perform a validity-preserving rewrite by determining new content for the selected block using the rewrite key secret.
The system relates to secure data management in blockchain networks, specifically addressing the challenge of maintaining data integrity while allowing controlled modifications to blockchain blocks. The system includes rewrite circuitry designed to manage and update blockchain data in a tamper-proof manner. The circuitry collects multiple key secret portions, which are combined when a specific event occurs. This event is triggered when the number of collected key secret portions exceeds a predetermined threshold, ensuring that the combination process is only initiated under controlled conditions. The threshold is set to ensure that the resulting rewrite operation preserves the validity of the blockchain, preventing unauthorized or invalid modifications. Once the threshold is met, the circuitry combines the key secret portions to generate a rewrite key secret. Using this key, the system performs a validity-preserving rewrite on a selected block of a data-tamper-protected blockchain. The rewrite process involves determining new content for the selected block while ensuring that the blockchain's integrity and security are maintained. This approach allows for controlled updates to blockchain data without compromising the overall security of the network.
12. The system of claim 11 , where the rewrite circuitry is further configured to: responsive to the number of key secret portions exceeding a granting threshold, combine the number of key secret portions to obtain a granting key secret; and responsive to obtaining the granting key secret, assign at least a key secret portion to an untrusted party.
This invention relates to secure key management systems, specifically addressing challenges in distributing and managing cryptographic key secrets among multiple parties while ensuring security and access control. The system involves a key management architecture where a master key secret is divided into multiple key secret portions, each distributed to different parties. The system includes rewrite circuitry that dynamically adjusts access permissions based on the number of key secret portions held by a party. If the number of key secret portions held by a party exceeds a predefined granting threshold, the system combines these portions to reconstruct a granting key secret. Once the granting key secret is obtained, the system assigns at least one additional key secret portion to an untrusted party, effectively expanding access while maintaining security. This mechanism ensures that only parties meeting specific criteria can obtain full access to the key secret, preventing unauthorized access while allowing controlled distribution. The system is designed to enhance security in environments where multiple parties must collaborate without fully trusting each other, such as in decentralized systems or multi-party computation scenarios. The rewrite circuitry dynamically manages key portions to balance security and accessibility, ensuring that key secrets remain protected while enabling authorized access when required.
13. The system of claim 11 , where the rewrite circuitry is configured to collect the number of key secret portions by collecting the number of key secret portions using a key secret exchange operation.
The system relates to cryptographic key management, specifically addressing the secure distribution and handling of cryptographic keys in a computing environment. The problem being solved involves securely managing key secret portions, which are parts of a cryptographic key, to prevent unauthorized access or reconstruction of the full key. The system includes circuitry designed to collect these key secret portions using a key secret exchange operation, ensuring that the portions are distributed and managed in a way that maintains security. The key secret exchange operation involves a secure protocol that allows different parties to exchange or share key secret portions without revealing the full key to any single entity. This approach enhances security by distributing the risk and ensuring that no single point of failure exists. The system may also include other components, such as storage or processing units, that work in conjunction with the rewrite circuitry to handle the key secret portions efficiently and securely. The overall goal is to provide a robust mechanism for managing cryptographic keys in a way that minimizes exposure and maximizes security.
14. The system of claim 13 , where the key secret exchange operation is configured to prevent disclosure of content of individual ones of the number of key secret portions.
A system for secure key exchange in cryptographic communications addresses the challenge of protecting sensitive key material during distribution. The system divides a cryptographic key into multiple secret portions, each encrypted with a unique encryption key derived from a shared secret. During key exchange, these portions are transmitted separately, ensuring that no single portion reveals the complete key. The system includes a key generation module that splits the original key into portions and encrypts each with a distinct derived key. A transmission module sends these encrypted portions over separate communication channels or at different times to minimize exposure. A reconstruction module reassembles the portions and decrypts them using the shared secret to recover the original key. The system also includes a verification module to confirm the integrity and authenticity of the exchanged key portions. This approach prevents disclosure of the full key or any individual portion, enhancing security against interception or tampering. The system is applicable in secure communications, distributed computing, and multi-party cryptographic protocols where key confidentiality is critical.
15. The system of claim 13 , where the key secret exchange operation is configured to use a public key exchange protocol.
A system for secure key exchange in a cryptographic communication network addresses the challenge of securely distributing cryptographic keys between parties without interception or tampering. The system includes a key secret exchange operation that facilitates the secure transfer of cryptographic keys between two or more entities. This operation is configured to use a public key exchange protocol, such as Diffie-Hellman or RSA, to establish a shared secret key over an insecure communication channel. The system may also include a key generation module that creates cryptographic keys for use in the exchange process, and a key storage module that securely stores the generated keys. Additionally, the system may include a key validation module that verifies the integrity and authenticity of the exchanged keys to prevent unauthorized access. The public key exchange protocol ensures that the keys are exchanged securely, even if the communication channel is compromised, by using mathematical algorithms that prevent eavesdroppers from deriving the shared secret from intercepted communications. This system is particularly useful in applications requiring secure data transmission, such as financial transactions, military communications, and encrypted messaging.
16. The system of claim 11 , where individual ones of the number of key secret portions contribute unequally to exceeding threshold for validity-preserving rewrites.
A system for secure data storage and retrieval involves distributing a secret into multiple key secret portions, where each portion contributes unequally to meeting a threshold requirement for validity-preserving rewrites. The system ensures that only authorized parties can reconstruct the secret by combining a sufficient number of these portions, while unauthorized access remains infeasible. The unequal contribution of individual key secret portions enhances security by making it difficult for an attacker to determine which portions are necessary to reconstruct the secret. The system may include a storage device for storing the key secret portions, a processor for performing cryptographic operations, and a communication interface for transmitting and receiving data. The system may also include a validation module to verify the authenticity and integrity of the key secret portions before reconstruction. The unequal contribution mechanism ensures that even if an attacker obtains some portions, they cannot easily determine the minimum number required to reconstruct the secret, thereby increasing the difficulty of unauthorized access. The system may be used in applications such as secure data storage, digital signatures, and key management systems.
17. The system of claim 11 where the data-tamper-protected blockchain includes multiple blocks, each of the multiple blocks: secured via an integrity code stored within the data-tamper-protected blockchain; and storing an integrity code that secures another block in the data-tamper-protected blockchain.
A system for securing data integrity using a blockchain structure is disclosed. The system addresses the problem of data tampering by implementing a blockchain where each block is cryptographically linked to others, ensuring that any unauthorized modification is detectable. The blockchain consists of multiple blocks, each containing an integrity code that secures the block itself and another block within the chain. This dual-layered security mechanism ensures that altering any single block would invalidate the integrity of subsequent blocks, making tampering evident. The integrity codes are stored within the blockchain itself, eliminating reliance on external verification systems. This approach enhances data trustworthiness by creating an immutable record where each block's integrity is interdependent on others, preventing undetected modifications. The system is particularly useful in applications requiring high security, such as financial transactions, supply chain tracking, or digital identity verification. The blockchain's structure ensures that any attempt to alter data is detectable, maintaining the integrity of the entire dataset.
18. A product including: machine-readable media other than a transitory signal; instructions stored on the machine-readable media, the instructions configured to, when executed, cause a machine to: at rewrite circuitry: collect a number of key secret portions; combine the number of key secret portions, the instructions configured to cause the machine to combine the number of key secret portions responsive to an event, the event including the number of key secret portions exceeding a predetermined threshold, the predetermined threshold including a threshold for validity-preserving rewrites; and the instructions configured to cause the machine to combine the number of key secret portions to obtain a rewrite key secret; and perform a validity-preserving rewrite to a selected block of a data-tamper-protected blockchain, the instructions configured to cause the machine to perform a validity-preserving rewrite responsive to obtaining the rewrite key secret, and the instructions configured to cause the machine to perform a validity-preserving rewrite by determining new content for the selected block using the rewrite key secret.
This invention relates to secure data management in blockchain systems, specifically addressing the challenge of performing controlled, validity-preserving rewrites to tamper-protected blockchain data. The system involves a product with non-transitory machine-readable media storing instructions that, when executed, enable a machine to manage and rewrite blockchain data securely. The process begins by collecting multiple key secret portions, which are combined only when a specific event occurs—namely, when the number of collected portions exceeds a predetermined threshold. This threshold ensures that the combination of portions is valid and authorized for a rewrite operation. The combined key secret portions form a rewrite key secret, which is then used to perform a validity-preserving rewrite on a selected block of a data-tamper-protected blockchain. The rewrite operation involves determining new content for the selected block using the rewrite key secret, ensuring that the modification maintains the blockchain's integrity and security. This approach allows for controlled updates to blockchain data while preserving its tamper-proof properties, addressing the need for secure, authorized modifications in blockchain systems.
19. The product of claim 18 , where individual ones of the number of key secret portions are each controlled by different individually-untrusted parties.
A system for secure key management distributes a cryptographic key into multiple secret portions, where each portion is controlled by a different untrusted party. The key is reconstructed only when a sufficient number of these portions are combined, ensuring that no single party can access the complete key. This approach prevents unauthorized access or misuse by any individual party, as the key remains secure unless a threshold of participants collaborates. The system is designed for environments where trust cannot be fully placed in any single entity, such as distributed computing, multi-party computation, or secure data storage. The key portions may be generated using cryptographic techniques like secret sharing, where mathematical properties ensure that the key can only be reconstructed when a predefined threshold of portions is provided. This method enhances security by eliminating single points of failure and reducing the risk of key compromise. The system is particularly useful in applications requiring high security, such as financial transactions, confidential data storage, or access control systems.
20. The product of claim 18 , where the selected block is coding-consistent with an integrity output stored within a specific block of the data-tamper-protected blockchain, the specific block different than the selected block.
A system and method for verifying data integrity in a blockchain network addresses the challenge of ensuring that data stored in a blockchain remains tamper-proof and consistent. The invention involves a blockchain structure where data blocks are linked cryptographically, and integrity checks are performed to detect unauthorized modifications. A selected block in the blockchain is verified by comparing its coding consistency with an integrity output stored in a different block within the same blockchain. This ensures that the selected block has not been altered without authorization, as any tampering would disrupt the expected coding consistency between the blocks. The integrity output may include a hash value, digital signature, or other cryptographic proof that validates the integrity of the selected block. The system may also include mechanisms for generating and storing these integrity outputs in designated blocks, ensuring that the verification process can be performed efficiently and reliably. This approach enhances the security and trustworthiness of blockchain-based data storage by providing a robust method for detecting and preventing data tampering.
Unknown
April 14, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.